Search - "access led"
Yesterday: Senior dev messages out a screenshot of someone using an extension method I wrote (he didn’t know I wrote it)..
SeniorDev: “OMG…that has to be the stupidest thing I ever saw.”
Me: “Stupid? Why?”
SeniorDev: “Why are they having to check the value from the database to see if it’s DBNull and if it is, return null. The database value is already null. So stupid.”
Me: “DBNull is not null, it has a value. When you call the .ToString, it returns an empty string.”
SeniorDev: ”No it doesn’t, it returns null.”
<oh no he didn’t….the smack down begins>
Me: “Really? Are you sure?”
SeniorDev: “Yes! And if the developer bothered to write any unit tests, he would have known.”
Me: “Unit tests? Why do you assume there aren’t any unit tests? Did you look?”
<at this moment, couple other devs take off their headphones and turn around>
SeniorDev: “Well…uh…I just assumed there aren’t because this is an obvious use case. If there was a test, it would have failed.”
Me: “Well, let’s take a look..”
<open up the test project…navigate to the specific use case>
Me: “Yep, there it is. DBNull.Value.ToString does not return a Null value.”
SeniorDev: “Huh? Must be a new feature of C#. Anyway, if the developers wrote their code correctly, they wouldn’t have to use those extension methods. It’s a mess.”
<trying really hard not to drop the F-Bomb or two>
Me: “Couple of years ago the DBAs changed the data access standard so any nullable values would always default to null. So no empty strings, zeros, negative values to indicate a non-value. Downside was now the developers couldn’t assume the value returned the expected data type. What they ended up writing was a lot of code to check the value if it was DBNull. Lots of variations of ‘if …’ , ternary operators, some creative lambda expressions, which led to unexpected behavior in the user interface. Developers blamed the DBAs, DBAs blamed the developers. Remember, Tom and DBA-Sam almost got into a fist fight over it.”
SeniorDev: “Oh…yea…but that’s a management problem, not a programming problem.”
Me: “Probably, but since the developers started using the extension methods, bug tickets related to mismatched data have nearly disappeared. When was the last time you saw DBA-Sam complain about the developers?”
SeniorDev: “I guess not for a while, but it’s still no excuse.”
Me: “Excuse? Excuse for what?”
<couple of awkward seconds of silence>
SeniorDev: “Hey, did you guys see the video of the guy punching the kangaroo? It’s hilarious…here, check this out.. ”
Pin shoulders the mat…1 2 3….I win.
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibly. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wishes to drop by there
Okay so my weekend project went well :D put my retropie system inside of this old r2d2 I've had collecting dust. Has a cooling fan inside as well as a 16x2 lcd I was playing with. Got a red led tied to the rpi's txd pin, ports in the front for easy access and power cord and hdmi coming out the back.
Long rant ahead.. 5k characters pretty much completely used. So feel free to have another cup of coffee and have a seat 🙂
So.. a while back this flash drive was stolen from me, right. Well it turns out that other than me, the other guy in that incident also got to the police 😃
Now, let me explain the smiley face. At the time of the incident I was completely at fault. I had no real reason to throw a punch at this guy and my only "excuse" would be that I was drunk as fuck - I've never drunk so much as I did that day. Needless to say, not a very good excuse and I don't treat it as such.
But that guy and whoever else it was that he was with, that was the guy (or at least part of the group that did) that stole that flash drive from me.
Context: https://devrant.com/rants/2049733 and https://devrant.com/rants/2088970
So that's great! I thought that I'd lost this flash drive and most importantly the data on it forever. But just this Friday evening as I was meeting with my friend to buy some illicit electronics (high voltage, low frequency arc generators if you catch my drift), a policeman came along and told me about that other guy filing a report as well, with apparently much of the blame now lying on his side due to him having punched me right into the hospital.
So I told the cop, well most of the blame is on me really, I shouldn't have started that fight to begin with, and for that matter not have drunk that much, yada yada yada.. anyway he walked away (good grief, as I was having that friend on visit to purchase those electronics at that exact time!) and he said that this case could just be classified then. Maybe just come along next week to the police office to file a proper explanation but maybe even that won't be needed.
So yeah, great. But for me there's more in it of course - that other guy knows more about that flash drive and the data on it that I care about. So I figured, let's go to the police office and arrange an appointment with this guy. And I got thinking about the technicalities for if I see that drive back and want to recover its data.
So I've got 2 phones, 1 rooted but reliant on the other one that's unrooted for a data connection to my home (because Android Q, and no bootable TWRP available for it yet). And theoretically a laptop that I can put Arch on it no problem but its display backlight is cooked. So if I want to bring that one I'd have to rely on a display from them. Good luck getting that done. No option. And then there's a flash drive that I can bake up with a portable Arch install that I can sideload from one of their machines but on that.. even more so - good luck getting that done. So my phones are my only option.
Just to be clear, the technical challenge is to read that flash drive and get as much data off of it as possible. The drive is 32GB large and has about 16GB used. So I'll need at least that much on whatever I decide to store a copy on, assuming unchanged contents (unlikely). My Nexus 6P with a VPN profile to connect to my home network has 32GB of storage. So theoretically I could use dd and pipe it to gzip to compress the zeroes. That'd give me a resulting file that's close to the actual usage on the flash drive in size. But just in case.. my OnePlus 6T has 256GB of storage but it's got no root access.. so I don't have block access to an attached flash drive from it. Worst case I'd have to open a WiFi hotspot to it and get an sshd going for the Nexus to connect to.
And there we have it! A large storage device, no root access, that nonetheless can make use of something else that doesn't have the storage but satisfies the other requirements.
And then we have things like parted to read out the partition table (and if unchanged, cryptsetup to read out LUKS). Now, I don't know if Termux has these and frankly I don't care. What I need for that is a chroot. But I can't just install Arch x86_64 on a flash drive and plug it into my phone. Linux Deploy to the rescue! 😁
It can make chrooted installations of common distributions on arm64, and it comes extremely close to actual Linux. With some Linux magic I could make that able to read the block device from Android and do all the required sorcery with it. Just a USB-C to 3x USB-A hub required (which I have), with the target flash drive and one to store my chroot on, connected to my Nexus. And fixed!
Let's see if I can get that flash drive back!
P.S.: if you're into electronics and worried about getting stuff like this stolen, customize it. I happen to know one particular property of that flash drive that I can use for verification, although it wasn't explicitly customized. But for instance in that flash drive there was a decorative LED. Those are current limited by a resistor. Factory default can be say 200 ohm - replace it with one with a higher value. That way you can without any doubt verify it to be yours. Along with other extra security additions, this is one of the things I'll be adding to my "keychain v2".
I'm going to spend the night with a rapidly flashing blue LED in my room.
I'm currently fixing an HDD, and the access LED is just going crazy. That's gonna be a long night.
Sorry I haven't been as active lately, however this is one of the better prompts, so I feel I should have it in my track record. Beware, it's a long one...
Let's trace the roots: My uncle was building desktops and he told my dad he'd build him one if my dad paid him for the components. These days I know builds aren't rocket science, but back then my parents didn't do their research. So my dad paid him.
Give or take some time, and most of the parts are complete. He underestimated the prices of a few things and had to ask for $200 more to complete the build. This...caused my dad to explode.
Later, I heard my dad ranting to my stepmom in January 2017 about how the last convo he had with his brother was a "Fuck-you conversation" - it was the last because my uncle had died in 2003.
Flash forward to March 2017. My mom and I are sitting in a Fazoli's, a nice sunset out of the full-length windows. I had to probe. HAD TO.
"You promise you won't tell your dad I told you this?" she asked.
"You know Kellie and I can't stand to be around him." I replied.
As the story goes, that last "Fuck-you conversation"? Over a fucking measly $200. Yup, the last conversation between my dad and his brother to ever happen was a shouting match over a relatively short amount of money. I wish I could say my dad had remorse, but he doesn't. He still talks shit. He's also technologically illiterate, so I doubt there was a way his brother was going to be able to reason with him.
In late 2003, my uncle, who had been a smoker, passed away due to cardiac arrest. The build was still not finished. This was one of the OTHER things that I have mixed feelings about.
After my uncle passed, my aunt paid someone to finish the build and get it shipped to my dad. We'll get back to why I feel this is fucked up, stay tuned...
---------
It's Spring 2004. I'm in the last half of what I think is Kindergarten or some shit...too lazy to do the math. Anyway, my dad announces we have a family computer - however, I couldn't read yet. That didn't stop the waste of oxygen that is my father from going in the Windows XP screensavers and putting text in that said "GAGE MORGAN WILL NOT TOUCH THIS COMPUTER." He's such a fuckin' dick, now AND back then.
My mom had an issue with this. I don't know why, but she did. Later, I was slowly taught how to use the mouse, under heavy supervision. Then I went to my grandma's house. She taught me one very specific thing on her old Win98 (386, maybe? IDK my old hw shit man), and because I know you guys are gonna love this one:
"The blue "e" opens up your games!"
The blue "e" does not open up your games, it opens something that can lead to your games.
I went home and tried this...without permission. My dad came down and discovered my lollygagging on the homepage - this is fucking weird. It was before Nextel, IIRC, so Sprint's logo was red still. Yes, we had broadband from Sprint. I don't know what saga led to that going the way of the dodo, but...
Back on track, I literally got my pants pulled down and had my bare bottom beat. He was gonna drag my ass upstairs and lock me in my room, but before he could, he accidentally slammed MY FUCKING RIGHT TEMPLE into the corner of a hardwood table at the bottom of the staircase.
The wailing that resulted probably was different than the previous form, which is probably what got my mom involved. My dad had a way of going too far, and in retrospect I'm more terrified now of what could've happened than I was then.
Later, I was given access to games in the form of my own account and bookmarks bar. That wasn't the end of the madness/drama from my use of that machine, but it was the earliest form.
Ever since Kindergarten, that one fateful day, I've been defying any/all imposed limitations on tech set on me by my parents...well, not anymore, but literally grades K-12. I'm living on my own, aka "adulting" now. It sucks more than you think, man.
---------
Let's tie this up before I reach the limit. I said I thought it was fucked up when my aunt paid to have the build finished and shipped to us after my uncle's death.
Yes, my aunt's intervention led to me ultimately majoring in computer science.
That doesn't change the fact that she shouldn't have done it.
My dad was an asshole to her husband, who passed. She is ultimately too caring. I don't think my jackass father should've been able to get by with that, he didn't deserve the freebie. Someone else should've told him his brother did in fact need that $200.
I haven't seen her IRL since the funeral when my grandpa passed in 2005. 2006 spelled the end of my parents' marriage.
Hope you guys enjoyed this - it's only a small segment of how I got to where I am now - tiny, actually.
Because I am very interested in cyber security and plan on doing my master's in IT security, I always try to stay up to date with the latest news and tools. However sometimes it's a good idea to ask similar-minded people on how they approach these things - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D
1) What's your go-to OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what distro, and why? I know that people like Snowden use QubesOS. What makes it much better than other distros? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?
2) Your go-to privacy/security tools? Personally, I am always connected to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble than actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?
3) What websites are you browsing for competent news reports in the IT security scene? What websites can you recommend to find academic writeups/white papers about certain topics?
4) Google. Yeah a hate-love relationship, but it's hard to completely avoid it. I do actually have a Google-Home device (don't kill me), which I use for calendar entries, timers, alarms, reminders, and weather updates as well as IoT stuff such as turning my LED lights on and off. I wouldn't mind switching to an open source solution which is equally good, however so far I couldn't find anything that would be a good option. Suggestions?
5) What actions do you take to secure your phone and prevent things such as being tracked/spied on? Personally so far I haven't really done much except for installing AdAway on my rooted device as well as the same Firefox plugins I use on my desktop PC.
6) Are there ways to create mirror images of my entire Linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).
7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?
8) Any other advice you can give :P ?
iOS is rotting my soul.
I've been a user of iPhone for 6 years now. For the first couple years, I wasn't really mindful of software I use, or I guess I didn't really care. As long as it did the bare minimum, i.e. bank app, call, text, browse, watch youtube vids, I didn't really care. However, in the last couple years, I've become very interested in tech and have worked on small developer projects, spent a lot of time coding in my free time, found really inspiring software and apps on my regular computer that just blow my mind on how advanced they are, and how I, some dumb guy with internet access, can just download it on my PC and use it.
This led me into a kind of software honeymoon phase, where I created a shiny new Github account and started exploring what other cool tools are just out there, available to me for free. My software honeymoon was spent on the beaches and resorts of the open-source software ecosystem. Exploring the gem-bearing caves and beautiful forests of anything from free open-source OCR programs (I needed it to convert my dad's manuscript from scanned PDF .jpeg's to actual UTF8 text) to open-source RGB lighting/keymapping software to escape the memory-and-CPU-hungry (and most likely advertising-ID-interested) proprietary software that comes with the brand of mouse/keyboard/controller/etc.
It was like I was a kid exploring Disneyland for the first time or something. But then... then... I got off my computer. Picked up my phone to check notifications. Ew, tinder is blowing up notification center with marketing shit. I go to settings. Notification settings. Tinder's at the bottom so I just want to use a search bar instead of scrolling. There's no search bar. Minor inconvenience. Dark mode isn't dark enough for me. I guess that's just too damn bad, because for the next two hours, I'll have to figure it out by messing with accessibility settings. Time for bed, and I'm just getting plumb tired of having to turn on my alarms every night for work the next morning. So I used the 'Automations' app to do it for me. For the next two weeks, at the time specified, 'There was an error running your automation' until I just delete the automation. Browsing through the FaceID settings, I see 'Attention Aware Features'. Cool, maybe now my phone won't automatically dim the screen when I'm in the middle of reading notifications on my lock screen. Haha, nope still does it. After turning on my alarms, I go to sleep. I wake up an hour late for work because those handy 'Attention Aware Features' silenced my alarm immediately because I fell asleep watching a youtube video.
I could go on and on. It's actually making me feel depressed typing this on my phone, fighting with Apple's primitive autocorrect and annoying implementation of Swype to type.